Legal claims defining the scope of protection, as filed with the USPTO.
1. In a computer that includes a client application for communicating with a remote computer, a computer-implemented method of removing active malware from the computer, the method comprising: searching a set of locations on the computer for active malware; identifying active malware resident on the computer; identifying actions required to remove the identified active malware resident on the computer; downloading and installing a software application having routines that remove the active malware from the remote computer after the active malware is identified as resident on the computer; creating journal entries for each required action before any of the required actions are executed; executing the routines of the software application to remove the active malware from the computer; storing the results of the execution of the routines in a log file that remains on the computer after the software application is removed; transmitting data to the remote computer that includes the identity of any active malware identified on the computer and whether the malware was successfully removed; and removing the software application after storing the results of the execution of the routines and transmitting the data to the remote computer.
2. The method as recited in claim 1, further comprising storing information in the log file on the computer that includes the identity of any active malware identified and whether the malware was successfully removed.
3. The method as recited in claim 1, wherein routines that search a set of data on the computer for active malware are included in a software application that is downloaded from the remote computer.
4. The method as recited in claim 1, wherein a software application is automatically downloaded and installed on the computer when an updated version of the software application becomes available.
5. The method as recited in claim 1, wherein searching a set of locations on the computer for active malware includes: identifying the active processes on the computer; identifying data in memory that is associated with the active processes; and comparing the data in memory to malware signatures.
6. The method as recited in claim 5, wherein identifying the active processes includes performing a search of a table that stores the state associated with the active processes.
7. The method as recited in claim 5, wherein the malware signatures are generated using a hash function.
8. The method as recited in claim 1, wherein searching a set of data on the computer for active malware includes searching configuration databases for entries generated by malware.
9. The method as recited in claim 8, wherein a configuration database searched is a system registry.
10. The method as recited in claim 1, wherein searching the computer for active malware includes searching metadata for file names that are associated with active malware.
11. The method as recited in claim 1, wherein identifying the actions required to remove the active malware includes suspending processes generated by the malware.
12. The method as recited in claim 1, wherein executing the actions required to remove the active malware from the computer includes: killing processes associated with the malware; removing entries made by the malware in configuration databases; and deleting files used by the malware.
13. A system embodied on a computer-readable storage medium bearing computer-executable instructions that, when executed by a processor operatively coupled to memory on a computer that includes a client application for communicating with a remote computer, carries out a method for removing active malware from the computer, the method comprising: searching a set of locations on the computer for active malware; identifying active malware in the searched set of locations; identifying actions required to remove identified active malware from the computer; downloading and installing computer-executable instructions to the computer having routines that when executed, perform the actions required to remove the identified active malware, the instructions are downloaded from the remote computer after the active malware is identified as resident on the computer; creating journal entries for each required action before any of the required actions are executed; executing the routines configured to remove the active malware from the computer; storing the results of the execution of the routines in a log file that remains on the computer after the instructions having the routines are removed from the computer; transmitting data to the remote computer that includes the identity of any active malware identified on the computer and whether the malware was successfully removed; and removing the instructions having the routines from the computer after the results are stored in a log file and the data is transmitted to the remote computer.
14. The method as recited in claim 13, further comprising storing information in the log file on the computer that includes the identity of any active malware identified and whether the malware was successfully removed.
15. The method as recited in claim 13, wherein routines that search a set of data on the computer for active malware are included in a software application that is downloaded from the remote computer.
16. The method as recited in claim 15, wherein a software application is automatically downloaded and installed on the computer when an updated version of the software application becomes available.
17. The method as recited in claim 13, wherein searching a set of locations on the computer for active malware includes: identifying active processes on the computer; identifying data in memory that is associated with the active processes; and comparing the data in memory to malware signatures.
18. The method as recited in claim 17, wherein identifying the active processes includes performing a search of a table that stores a state associated with the active processes.
19. The method as recited in claim 17, wherein the malware signatures are generated using a hash function.
20. The method as recited in claim 13, wherein searching a set of data on the computer for active malware includes searching configuration databases for entries generated by malware.
21. The method as recited in claim 20, wherein a configuration database searched is a system registry.
22. The method as recited in claim 13, wherein searching the computer for active malware includes searching metadata for file names that are associated with active malware.
23. The method as recited in claim 13, wherein identifying the actions required to remove the active malware includes suspending processes generated by the malware.
24. The method as recited in claim 13, wherein executing the actions required to remove the active malware from the computer includes: killing processes associated with the malware; removing entries made by the malware in configuration databases; and deleting files used by the malware.
25. A computer system comprising a processor and memory which stores one or more computer executable components that when executed by the processor perform the following steps to remove active malware from the computer system: search a set of locations on the computer for active malware; identify active malware resident on the computer; identify actions required to remove the identified active malware resident on the computer; download and installing a software application having routines that remove the active malware from the remote computer after the active malware is identified as resident on the computer; create journal entries for each required action before any of the required actions are executed; execute the routines of the software application to remove the active malware from the computer; store the results of the execution of the routines in a log file that remains on the computer after the software application is removed; transmit data to the remote computer that includes the identity of any active malware identified on the computer and whether the malware was successfully removed; and remove the software application after storing the results of the execution of the routines and transmitting the data to the remote computer.
26. The computer system as recited in claim 25, wherein the one or more computer executable components further perform the step of automatically downloading and installing the software application when a new version of the software application becomes available.
27. The computer system as recited in claim 25, wherein the one or more computer executable components further perform the step of suspending processes generated by malware when malware is detected.
28. The computer system as recited in claim 25, wherein the set of locations includes configuration databases on the computer.
29. The software system as recited in claim 25, wherein the set of locations includes a table that stores a state associated with active processes running on the computer system.
30. The software system as recited in claim 25, wherein the set of locations includes metadata that identifies file names that are associated with active malware.
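The journal-then-execute sequence recited in claims 1 and 12, as an added Python illustration that is not part of the patent or of any product's code. The finding format, the dict standing in for a configuration database, and the file names are assumptions; the report is returned rather than transmitted to a remote computer.

```python
import json, os, tempfile

def plan_actions(findings):
    """Expand each finding into the removal actions it requires."""
    actions = []
    for f in findings:
        actions += [{"malware": f["name"], "op": "delete_file", "target": p} for p in f["files"]]
        actions += [{"malware": f["name"], "op": "remove_config", "target": k} for k in f["config_keys"]]
    return actions

def remediate(findings, config_db, workdir):
    """Journal all actions, execute them, keep a results log, return the report."""
    actions = plan_actions(findings)
    journal_path = os.path.join(workdir, "journal.jsonl")
    log_path = os.path.join(workdir, "removal.log")
    # Every required action is journaled before any action executes.
    with open(journal_path, "w") as journal:
        for seq, action in enumerate(actions):
            journal.write(json.dumps({"seq": seq, "state": "pending", **action}) + "\n")
        journal.flush()
        os.fsync(journal.fileno())
    report = {f["name"]: True for f in findings}
    with open(log_path, "w") as log:
        for seq, action in enumerate(actions):
            try:
                if action["op"] == "delete_file":
                    os.remove(action["target"])
                else:
                    del config_db[action["target"]]
                ok = True
            except (OSError, KeyError):
                ok = False  # a failed step marks the whole finding as not removed
            report[action["malware"]] &= ok
            log.write(json.dumps({"seq": seq, "ok": ok, **action}) + "\n")
    # The report (identity + removed or not) is what would be sent to the remote computer.
    return report, journal_path, log_path

def demo():
    """Constructed sample: one removable finding, one whose file is already gone."""
    workdir = tempfile.mkdtemp()
    dropped = os.path.join(workdir, "sample_a.bin")
    open(dropped, "w").close()
    config_db = {"Run/sample_a": dropped, "Run/benign": "app.exe"}
    findings = [
        {"name": "Sample.A", "files": [dropped], "config_keys": ["Run/sample_a"]},
        {"name": "Sample.B", "files": [os.path.join(workdir, "missing.bin")], "config_keys": []},
    ]
    report, journal_path, log_path = remediate(findings, config_db, workdir)
    return report, config_db, journal_path, log_path, dropped
```

Because the journal is flushed to disk before the first action runs, an interrupted run leaves a complete record of what was intended, and the results log stays behind independently of the removal routines.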
March 2, 2010